Machine data-derived key performance indicators with per-entity states

US 10,650,051 B2
Filed: 12/12/2016
Issued: 05/12/2020
Est. Priority Date: 10/09/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving information indicating one or more thresholds associated with a key performance indicator (KPI) and a per-entity application of the thresholds, the KPI defined by a search query that derives a value from machine data associated with one or more entities that provide a service, wherein the value reflects a measure of the performance of the service;

storing the thresholds in association with the KPI in accordance with the received information such that a determining of a KPI state from among a plurality of KPI states is made, for an execution of the search query to produce an instance of the value, on a per-entity basis for at least one of the entities in accordance with the thresholds and a per-entity contribution to the instance of the value;

wherein the service corresponds to a stored service definition associating KPI information comprising the search query and associating an entity definition for each of the one or more entities, each entity definition comprising information to identify machine data pertaining to the respective entity;

wherein the machine data is produced by one or more components within an information technology environment and reflects activity within the information technology environment; and

wherein the method is performed by a computer system comprising one or more processors coupled to computer storage.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Raw machine data are captured and may be organized as events. Entity definitions representing machine entities that perform a service identify the machine data pertaining to respective entities. KPI search queries each define a KPI. Each KPI search query derives one or more values for the KPI from machine data identified in the entity definitions. The derivation may be performed on a per-entity basis and on the aggregate. The derived values may then be translated into a state value domain using per-entity thresholds, aggregate thresholds, or a combination.

233 Citations

30 Claims

1. A method comprising:
- receiving information indicating one or more thresholds associated with a key performance indicator (KPI) and a per-entity application of the thresholds, the KPI defined by a search query that derives a value from machine data associated with one or more entities that provide a service, wherein the value reflects a measure of the performance of the service;
  
  storing the thresholds in association with the KPI in accordance with the received information such that a determining of a KPI state from among a plurality of KPI states is made, for an execution of the search query to produce an instance of the value, on a per-entity basis for at least one of the entities in accordance with the thresholds and a per-entity contribution to the instance of the value;
  
  wherein the service corresponds to a stored service definition associating KPI information comprising the search query and associating an entity definition for each of the one or more entities, each entity definition comprising information to identify machine data pertaining to the respective entity;
  
  wherein the machine data is produced by one or more components within an information technology environment and reflects activity within the information technology environment; and
  
  wherein the method is performed by a computer system comprising one or more processors coupled to computer storage.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein receiving information includes receiving information based on user interaction with an interface having one or more interface components enabling a user to indicate at least one of the thresholds and the per-entity application of the thresholds.
  - 3. The method of claim 1 wherein receiving information includes receiving information based on user interaction with an interface having an interface component enabling a user to indicate at least one of the one or more thresholds.
  - 4. The method of claim 1 wherein receiving information includes receiving information based on user interaction with an interface having a first interface component enabling a user to indicate at least one of the one or more thresholds and a second interface component enabling a user to indicate the per-entity application of the thresholds.
  - 5. The method of claim 1 wherein the determining of the KPI state includes:
    - determining a contribution of a particular one of the entities by applying a determination component of the search query to an aggregate of machine data corresponding to the particular entity to produce the per-entity contribution; and
      
      selecting a KPI state based at least in part on applying at least one of the thresholds to the determined contribution of the particular entity.
  - 6. The method of claim 1 wherein the determining of the KPI state includes:
    - determining an overall contribution by applying a determination component of the search query to the machine data;
      
      determining a contribution of a particular one of the entities by applying the determination component to an aggregate of machine data corresponding to the particular entity to produce the per-entity contribution; and
      
      selecting a KPI state based at least in part on applying at least one of the thresholds to the determined contribution of the particular entity and on applying an aggregate threshold to the determined overall contribution.
  - 7. The method of claim 1 further comprising:
    - causing display of a user interface portion showing contributions of one or more of the entities and a visual representation of one or more of the plurality of KPI states, wherein the visual representation is determined at least in part by the thresholds.
  - 8. The method of claim 1 further comprising:
    - causing display of a user interface showing individual contributions of one or more of the entities and a visual representation of one or more of the plurality of KPI states, wherein the visual representation is determined at least in part by the thresholds, and wherein each of the contributions is determined by applying a determination component of the search query to an aggregate of machine data corresponding to a particular entity.
  - 9. The method of claim 1 wherein the machine data associated with at least one of the entities comes from more than one source.
  - 10. The method of claim 1 wherein the machine data associated with a particular one of the entities comes from the particular entity and at least one other source.
  - 11. The method of claim 1 wherein the machine data is represented as stored event instances each having a segment of raw machine data.
  - 12. The method of claim 1 wherein the machine data is represented as stored events, the stored events created without reference to the stored service definition.
  - 13. The method of claim 1 wherein the machine data is represented as stored events each having a timestamp, the stored events created without reference to the stored service definition.

14. A system comprising:
- a memory; and
  
  a processing device coupled with the memory to;
  
  receive information indicating one or more thresholds associated with a key performance indicator (KPI) and a per-entity application of the thresholds, the KPI defined by a search query that derives a value from machine data associated with one or more entities that provide a service, wherein the value reflects a measure of the performance of the service;
  
  store the thresholds in association with the KPI in accordance with the received information such that a determining of a KPI state from among a plurality of KPI states is made, for an execution of the search query to produce an instance of the value, on a per-entity basis for at least one of the entities in accordance with the thresholds and a per-entity contribution to the instance of the value; and
  
  wherein the service corresponds to a stored service definition associating KPI information comprising the search query and associating an entity definition for each of the one or more entities, each entity definition comprising information to identify machine data pertaining to the respective entity;
  
  wherein the machine data is produced by one or more components within an information technology environment and reflects activity within the information technology environment.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The system of claim 14 wherein to receive information includes receiving information based on user interaction with an interface having one or more interface components enabling a user to indicate at least one of the thresholds and the per-entity application of the thresholds.
  - 16. The system of claim 14 wherein the determining of the KPI state includes:
    - determining a contribution of a particular one of the entities by applying a determination component of the search query to an aggregate of machine data corresponding to the particular entity to produce the per-entity contribution; and
      
      selecting a KPI state based at least in part on applying at least one of the thresholds to the determined contribution of the particular entity.
  - 17. The system of claim 14 wherein the determining of the KPI state includes:
    - determining an overall contribution by applying a determination component of the search query to the machine data;
      
      determining a contribution of a particular one of the entities by applying the determination component to an aggregate of machine data corresponding to the particular entity to produce the per-entity contribution; and
      
      selecting a KPI state based at least in part on applying at least one of the thresholds to the determined contribution of the particular entity and on applying an aggregate threshold to the determined overall contribution.
  - 18. The system of claim 14, the processing device coupled with the memory further to:
    - cause display of a user interface showing contributions of one or more of the entities and a visual representation of one or more of the plurality of KPI states, wherein the visual representation is determined at least in part by the thresholds.
  - 19. The system of claim 14, the processing device coupled with the memory further to:
    - cause display of a user interface portion showing individual contributions of one or more of the entities and a visual representation of one or more of the plurality of KPI states, wherein the visual representation is determined at least in part by the thresholds, and wherein each of the contributions is determined by applying a determination component of the search query to an aggregate of machine data corresponding to a particular entity.
  - 20. The system of claim 14 wherein the machine data associated with at least one of the entities comes from more than one source.
  - 21. The system of claim 14 wherein the machine data is represented as stored events each having a segment of raw machine data.
  - 22. The system of claim 14 wherein the machine data is represented as stored events, the stored events created without reference to the stored service definition.
  - 23. The system of claim 14 wherein the machine data is represented as stored events each having a timestamp, the stored events created without reference to the stored service definition.

24. A non-transitory computer readable storage medium encoding instructions thereon that, in response to execution by one or more processing devices, cause the one or more processing devices to perform operations comprising:
- receiving information indicating one or more thresholds associated with a key performance indicator (KPI) and a per-entity application of the thresholds, the KPI defined by a search query that derives a value from machine data associated with one or more entities that provide a service, wherein the value reflects a measure of the performance of the service;
  
  storing the thresholds in association with the KPI in accordance with the received information such that a determining of a KPI state from among a plurality of KPI states is made, for an execution of the search query to produce an instance of the value, on a per-entity basis for at least one of the entities in accordance with the thresholds and a per-entity contribution to the instance of the value; and
  
  wherein the service corresponds to a stored service definition associating KPI information comprising the search query and associating an entity definition for each of the one or more entities, each entity definition comprising information to identify machine data pertaining to the respective entity;
  
  wherein the machine data is produced by one or more components within an information technology environment and reflects activity within the information technology environment.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The non-transitory computer readable storage medium of claim 24, wherein receiving information includes receiving information based on user interaction with an interface having one or more interface components enabling a user to indicate at least one of the thresholds and the per-entity application of the thresholds.
  - 26. The non-transitory computer readable storage medium of claim 24, wherein the determining of the KPI state includes:
    - determining a contribution of a particular one of the entities by applying a determination component of the search query to an aggregate of machine data corresponding to the particular entity to produce the per-entity contribution; and
      
      selecting a KPI state based at least in part on applying at least one of the thresholds to the determined contribution of the particular entity.
  - 27. The non-transitory computer readable storage medium of claim 24, wherein the determining of the KPI state includes:
    - determining an overall contribution by applying a determination component of the search query to the machine data;
      
      determining a contribution of a particular one of the entities by applying the determination component to an aggregate of machine data corresponding to the particular entity to produce the per-entity contribution; and
      
      selecting a KPI state based at least in part on applying at least one of the thresholds to the determined contribution of the particular entity and on applying an aggregate threshold to the determined overall contribution.
  - 28. The non-transitory computer readable storage medium of claim 24, the operations further comprising:
    - causing display of a user interface portion showing contributions of one or more of the entities and a visual representation of one or more of the plurality of KPI states, wherein the visual representation is determined at least in part by the thresholds.
  - 29. The non-transitory computer readable storage medium of claim 24, the operations further comprising:
    - causing display of a user interface showing individual contributions of one or more of the entities and a visual representation of one or more of the plurality of KPI states, wherein the visual representation is determined at least in part by the thresholds, and wherein each of the contributions is determined by applying a determination component of the search query to an aggregate of machine data corresponding to a particular entity.
  - 30. The non-transitory computer readable storage medium of claim 24 wherein the machine data is represented as stored events, the stored events created without reference to a stored definition of the service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Splunk Inc.
Original Assignee
Splunk Inc.
Inventors
Alekseyev, Leonid Viktorovich, Bingham, Brian John, Fletcher, Tristan Antonio, Reyes, Brian C.
Primary Examiner(s)
Tran, Nam T

Application Number

US15/376,516
Publication Number

US 20170155558A1
Time in Patent Office

1,247 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/321   Display for diagnostics, e....

G06F 11/34   Recording or statistical ev...

G06F 16/24542   Plan optimisation

G06F 16/2455   Query execution

G06F 16/248   Presentation of query results

G06F 16/252   between a Database Manageme...

G06F 16/26   Visual data mining; Browsin...

G06F 16/334   Query execution G06F16/335 ...

G06F 16/9024   Graphs; Linked lists G06F16...

G06F 16/903   Querying for retrieval from...

G06F 16/90335   Query processing

G06F 16/9038   Presentation of query results

G06F 16/951   Indexing; Web crawling tech...

G06F 16/9535   Search customisation based ...

G06F 16/9538   Presentation of query results

G06F 3/0481   based on specific propertie...

G06F 3/04817   using icons graphical or vi...

G06F 3/0482   Interaction with lists of s...

G06F 3/0484   for the control of specific...

G06F 3/04842   Selection of displayed obje...

G06F 3/04847 : Interaction techniques to c...

G06F 9/542 : Event management; Broadcast...

G06Q 10/0637 : Strategic management or ana...

G06Q 10/0639 : Performance analysis of emp...

G06Q 10/06393 : Score-carding, benchmarking...

G06T 11/206 : Drawing of charts or graphs

G06T 2200/24 : involving graphical user in...

H04L 41/0213 : Standardised network manage...

H04L 41/0806 : for initial configuration o...

H04L 41/22 : comprising specially adapte...

H04L 41/5009 : Determining service level p...

H04L 41/5032 : Generating service level re...

H04L 43/04 : Processing captured monitor...

H04L 43/045 : for graphical visualisation...

H04L 43/091 : Measuring contribution of i...

H04L 43/16 : Threshold monitoring

H04L 43/55 : Testing of service level qu...

H04L 67/10 : in which an application is ...

H04L 67/51 : Discovery or management the...

H04L 69/329 : in the application layer [O...

View All

Machine data-derived key performance indicators with per-entity states

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

233 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Machine data-derived key performance indicators with per-entity states

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

233 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links